Access control model for sharing composite electronic health records. (English) Zbl 1184.68491

Bertino, Elisa (ed.) et al., Collaborative computing: networking, applications and worksharing. 4th international ICST conference, CollaborateCom 2008, Orlando, FL, USA, November 13–16, 2008. Revised selected papers. Berlin: Springer (ISBN 978-3-642-03353-7/pbk; 978-3-642-03354-4/ebook). Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering 10, 340-354 (2009).
Summary: The adoption of electronically formatted medical records, so-called Electronic Health Records (EHRs), has become extremely important in healthcare systems to enable the exchange of medical information among stakeholders. An EHR generally consists of data with different types and sensitivity degrees which must be selectively shared based on the need-to-know principle. Security mechanisms are required to guarantee that only authorized users have access to specific portions of such critical records for legitimate purposes. In this paper, we propose a novel approach for modelling an access control scheme for composite EHRs. Our model formulates the semantics and structural composition of an EHR document, from which we introduce a notion of authorized zones of the composite EHR at different granularity levels, taking into consideration several important criteria such as data types, intended purposes and information sensitivities.
For the entire collection see [Zbl 1181.68002].

MSC:

68T35 Theory of languages and software systems (knowledge-based systems, expert systems, etc.) for artificial intelligence
68M14 Distributed systems

Software:

XPath; ANSYS
